Blockchain Attacks: Eclipse Attack

The Eclipse attack is another well-known attack in the world of cryptocurrencies. It consists of isolating and cutting off the victims ‘ network connectivity by flooding them with false data about the blockchain network of which they are a part.

What is an Eclipse Attack?

The number of attacks that can be performed against the blockchain network is numerous, and among them is the Eclipse Attack. This is a type of cyberattack that aims to isolate and attack a specific user who is part of the network. All in order to be able to manipulate the data that the target receives from the network. Thus, any malicious actions can be carried out against the victim.

Surely, peer-to-peer networks (P2P) and blockchain technology are very secure, but there is no absolute security, and therefore we will tell you everything about this type of threat, as well as find out the existing means to avoid it and protect yourself.

Anatomy of a cyber threat

As we mentioned at the beginning, the Eclipse attack or information blackout attack is aimed at disconnecting the victim from the actual data flow from the network. This is so that the attacker can replace the victim’s data on the network. It sounds pretty intimidating from a security perspective, and it certainly is. But you may wonder why it is possible to conduct such an attack? Is there any way to avoid them?

First, these types of threats are possible due to the structure and limitations of the peer-to-peer communication protocol that the blockchain uses. In particular, this is due to the restriction of the number of connections and the safe selection of nodes. For example, in the Bitcoin network, the limit of outgoing connections (which you can establish with other remote nodes) is 8 connections. This means that each Bitcoin node is capable of supporting bidirectional connections to 8 nodes at the same time. The loop repeats on each node, because this behavior is part of the protocol described in Bitcoin Core.

Now this represents both an advantage and a disadvantage. On the one hand, its advantage is that due to the small number of connections, it requires little computing power and bandwidth. This opens the door for anyone from anywhere in the world to have a Bitcoin node. Thanks to this, it turns out to decentralize the network and increase security.

But restricting connections also has a drawback, namely that these connections are relatively easy to intercept. The effort required to do this depends on the security features, the process of selecting the protected node, and the size of the network. But basically all you need is a botnet under your control, and detecting IP addresses from the rest of the network nodes. So when these nodes restart their connection to the network, malicious nodes can interfere with the connection and take control of the victim.

Consequences of this type of cyberattack

The consequences of such malicious interference are diverse, and among them we can distinguish:

  • Using a Network Management connection

Once an attacker gains some control over the network, there is nothing stopping them from further strengthening that control. In fact, with each new node under control, it becomes easier and easier to expand your network presence. When you have node management, you can manipulate the locks as you see fit, and even sabotage and monitor network connections.

Eventually, an attacker may even be able to manipulate the growth of the network by changing the versions of the blockchain registry as they see fit.

  • Perform a block race

This is a highly specialized type of attack that can be performed on networks using the Proof of Work (PoW) protocol. This was pointed out back in 2015 by researchers Ethan Heilman, Alison Kendler, Aviv Zohar and Sharon Goldberg in their work “The Eclipse Attack on the Bitcoin peer-to-Peer Network”.

The explanation for the cyberattack is that if two miners discover a block at the same time, an attacker can use an eclipse attack on those miners to focus their mining efforts on the unattended blocks. This will give the attacker the opportunity to mine their own blocks. In the end, the attacker achieves that his block will be processed by the network under his control and will receive a reward.

Another possibility is to share the mining power in the network. Thus, an attacker can make it easier to launch a 51% attack to rewrite the blockchain or registry.

Finally, it also opens up the possibility of attacks by double-confirming expenses. This means that an attacker can control a certain group of miners and report from there that the transaction has received a number of confirmations. This cyber threat, for example, will allow you to trick the seller into thinking that the transaction for the service was confirmed by the network. But in reality, he will be the victim of an elaborate eclipse attack.

  • Attacks on second-level protocols

Another consequence of this type of threat is attacks on second-level protocols. That is, such protocols as Lightning Network, OmniLayer or RSK in the PTS are vulnerable. Or even created on the basis of smart contracts, such as all those that run on Ethereum, EOS or TRON.

This becomes possible because the eclipse will trick the victim into seeing the unreal state of the network. For example, the Lightning payment channel will be displayed as open to the victim, while the attacker closed the channel, taking the funds with him. In the case of smart contracts, users will see inconsistent blockchain states.

The possibility of launching new and more dangerous threat vectors

The possibility of launching new and more dangerous threat vectors

The eclipse attack is also the source of a more dangerous and far-reaching type of threat-the Erebus Attack. This attack is capable of performing a large-scale blackout on the network, which will cause it to split. As a result, anyone who performs an Erebus attack can split the network and manage it as they see fit, with the ability to perform a denial of service (DoS) attack, a 51% attack, or create a blockchain hard fork.

How can this be prevented?

These attacks have been known for a long time. In fact, they are known from the very creation of the first peer-to-peer networks. For example, according to the Kademlia protocol, it was susceptible to such attacks. However, this protocol implements a number of measures to prevent them. Some of these measures are still being implemented today with some improvements. Among these measures are the following:

  • Peer-to-peer identification system

This system ensures that the peers in the network have a unique and unique identifier. This is a way to create an ID tree that lets you know who is who on the network. In the blockchain, this is possible due to the use of asymmetric cryptography. However, this measure is not sufficient, because it is possible to run multiple nodes using the same IP address. For example, an attacker can create multiple nodes to control them and continue to apply their attack to the network.

Consequently, this measure is supplemented by the restriction of identities by IP, which prevents the use of this vector.

  • Peer selection process

Another important point to avoid Eclipse attacks is to have a reliable peer selection process for the network. For example, in Ethereum, this process uses a protocol based on Kademlia. This allows Ethereum to associate each element with a key and be stored only in those pairs whose node ID is “close” to the key associated with it. This “proximity” is defined as the binary Hamming distance between the key and the node ID.

In this way, the network ensures that there are a number of well-identified and connected nodes.

  • Monitoring incoming and outgoing connections

Another control measure used in the blockchain to avoid cyber threats is the control of incoming and outgoing connections. To do this, restrictions are set on communication with network nodes, so that in the event of an attack on a node, it can not affect most of the network. This prevents a node from having too much coverage, and an attacker will have to control multiple nodes to make a successful attack. In addition, this measure is being strengthened by decentralizing and expanding the network.

In total, these three protections are the most basic that all blockchain networks apply to their protocols. Their goal is clear: to make the eclipse attack very expensive. The use of all these defenses implies that the attacker must make a huge effort to control the network and carry out their attack. In fact, the larger the network for an attack, the more difficult it is to conduct it. Consequently, blockchain promoters are always asked to install full nodes to strengthen the network.

Is it easy to perform an information blackout?

Bitcoin and the rest of the blockchain networks are very clearly aware of the risks of Eclipse attacks on their networks. For this reason, they are always looking for mechanisms that help counteract these failures while maintaining the highest possible level of security.

How to avoid becoming a victim of the Eclipse Attack

The best way to protect yourself from this type of attack is to take into account a number of recommendations. Among them are the following:

  1. Be sure to use a payment system and wallets with a good reputation. If possible, try setting up your own node and using it to validate your transactions. In this way, you will not only help protect the network, but also create security measures to protect yourself from this type of threat.
  2. Avoid accepting payments with 0-conf or no confirmations. Remember that in this state, transactions can be manipulated in many ways, and eclipse is one of them.
  3. If you have your own node, be sure to protect it. The easiest way is to limit the number of incoming connections, with a firewall preventing these connections.
  4. You can also periodically check the connections of your node or wallet and create a list of trusted nodes that you will use at any time. This will avoid unpleasant surprises in case your node is connected to a malicious node that attacks you or any other network user.
  5. Update your wallets and nodes. Developers are aware of cyber threats, and are looking for ways to strengthen connection protocols. Updating in this regard can provide you with better protection.

With these simple recommendations, you can better protect yourself from such hacking tricks and thus take care of your money and privacy.